The facts of the case are very simple. Brelyn Hammernick was a Minneapolis technical recruiter for the IT services firm TEKsystems who left to take a job with their competitor Horizontal Integrations. Ms. Hammernick used LinkedIn’s e-mail tool to communicate with her network, which included several current TEKsystems employees. Ms. Hammernick had signed a non-compete agreement with TEKsystems containing standard non-solicitation language that prohibited her from communicating with company employees to induce them to leave TEKsystems or work for a competitor. Yet, as several attorney bloggers have already commented, certain of Ms. Hammernick’s e-mails were clearly solicitations. The relevant paragraph from TEKsystems’ complaint alleges:

“Hammernick is soliciting TEKsystems’ Contract Employees and clients in the geographic area encompassed by the non-competition and non-solicitation provisions of the Hammernick Agreement. For example, Hammernick has communicated with at least 20 of TEKsystems’ Contract Employees using such electronic networking systems as “Linkedin.” Hammernick has, at a minimum, “connected” with the following TEKsystems’ employees through “Linkedin: Harold Osmundson, Steve Wicks, Kazim Merchant, Shawn Faber, Srujana Pasunuri, Shailaja Garishakurti, Kevin Jordahl, Mitha KC, Carl Boudreau, Tom Peterson, Seann Van Cleve, Bob Hasselman, Marcia Diterich, Bill Severson, Claude Wallander, and Brett Snaza. In her contacts with Tom Peterson, Hammernick asked Peterson if he was “still looking for opportunities.” She then stated that she ‘would love to have [you] come visit my new office and hear about some of the stuff we are working on.’”

You can also find a full reprint of the key e-mails, along with some trenchant commentary, on Dallas attorney Rob Radcliff’s blog here. (I don’t normally cite other law firms’ blogs, but I consider Mr. Radcliff’s post both informative and dead-on.)

What are the take-aways here?

1. No one seriously believes that the federal district court is going to treat LinkedIn communications as qualitatively different from traditional channels of solicitation, such as telephone calls, e-mails outside of the social media context, or in-person conversations. Doing something dumb on Web 2.0 is the same as doing something dumb on Web 1.0, which in turn is the same as doing something dumb using a telephone, telegraph or smoke signals.

2. As Mr. Radcliff notes in his blog, employers may find social media posts and communications of departed employees to be a font of useful evidence in employment-related litigation. Employers should also consider mentioning social media posts and communications as a specific example in employee agreements and materials prohibiting solicitation and other objectionable activities.

3. The TEKsystems case involves deliberate one-to-one communications through LinkedIn. A salient question, however, is whether posts or updates to one’s entire network or chosen group can violate non-solicitation obligations if the content is objectionable and certain recipients are still employees of the sender’s late, unlamented employer. Or, to put it differently, if you’ve signed a non-compete with non-solicit requirements, should you “un-friend” or “de-link” your former work colleagues? Simply updating your career profile should not be a problem, but you may want to think twice before blitzing your network or friends about all of the terrific opportunities you’re getting at your new employer.

4. Careless chatter on social media is a problem not only for departing employees, but also for their new employers, who (like Horizon Integrations in the TEKsystems case) may get named in the lawsuit if the objectionable behavior appears to work for their benefit.

Legally speaking, social media is no different from other forms of communication. However, just as e-mail did in the 1990’s, it has a tendency to invite informal, spontaneous and poorly considered actions from its users. Given the uncertain state of privacy on Facebook and other popular social media sites, expect to see a mountain of social media evidence building up in future litigation.

On June 26, shortly after the Pietrylo verdict, another court (also in New Jersey) handed down a ruling which, at first glance, seems to be an even more emphatic vindication of employee online privacy rights against the prying eyes of Big Brother. You can check out the New Jersey Superior Court, Appellate Division’s opinion in Stengart v. Loving Care Agency, Inc., Docket No. A-3506-08T1, here.

In Stengart, an employee considering legal action against her employer used an employer-provided computer to send e-mails to her attorney through her personal Yahoo account. After the computer’s hard drive was imaged, the employer’s law firm read these e-mails but did not alert the plaintiff’s counsel that it had possession of them. A lower court ruled that, based on the employer’s purported adoption and distribution of an electronic communications policy which supposedly made all communications sent via corporate IT resources its “property,” the plaintiff had no expectation of privacy in the e-mails, and they were not protected by the attorney-client privilege.

The appellate court reversed, and in so doing, filled its opinion with lofty language sure to warm the hearts of privacy advocates and raise doubts about the effectiveness of Internet and computer use policies. For example:

“A policy imposed by an employer, purporting to transform all private communications into company property — merely because the company owned the computer used to make private communications or used to access such private information during work hours — furthers no legitimate business interest…. When an employee, at work, engages in personal communications via a company computer, the company’s interest — absent circumstances the same or similar to those that occurred in [certain cases involving a suspicion that the employee had committed fraud or accessed child pornography] — is not in the content of those communications; the company’s legitimate interest is in the fact that the employee is engaging in business other than the company’s business. Certainly, an employer may monitor whether an employee is distracted from the employer’s business and may take disciplinary action if an employee engages in personal matters during work hours; that right to discipline or terminate, however, does not extend to the confiscation of the employee’s personal communications.”

On closer examination, however, there is less here than meets the eye. On August 19, I made a guest post on Tech Target’s IT Knowledge Exchange giving a detailed legal analysis of the case. Let me just hit the high points here:

1. The employer’s electronic communications policy was badly drafted, made contradictory statements about the allowance of personal communications, and may not even have been in effect. The lower court did not conduct an evidentiary hearing about the adoption, applicability or objective interpretation of the policy.

3. The attorney-client privilege is sacred, particularly in New Jersey, as I know from prior work experience there. As the court admitted, the real issue in the case was not defining the scope of employee online privacy, but rather whether the plaintiff should suffer the draconian penalty of losing her attorney-client privilege in her e-mails with her attorney. Any broader reading of the language quoted above is legally non-binding.

While courts will probably strain to avoid finding a waiver of the attorney-client privilege, a properly drafted and disseminated Internet and computer use policy (for example, emphasizing the employer’s right to monitor and access both work-related and personal communications made using the employer’s IT resources, as opposed to claiming personal communications as the employer’s “property”) remains legal and enforceable. Where such a policy is in place, there is no all-encompassing right to privacy in personal communications transmitted through corporate IT resources.

Please understand where I am coming from: I am NOT advocating, as a normative principle, unlimited employer intrusion into private employee communications. (I have actually been criticized for supposedly being a legal apologist for Big Brother!) With the nine-to-five workday increasingly a thing of the past, most employees have a need to conduct a limited amount of personal business while at work. A well balanced Internet and computer use policy will acknowledge this reality.

With that said, however much I identify with Philadelphia’s heritage of individual liberty, I am not a paid professional civil libertarian. I am a technology lawyer engaged by businesses to help them sleep at night. In this capacity, I recommend that organizations adopt a reasonable Internet and computer use policy that clearly and unambiguously announces the scope of the employer’s monitoring/access rights and is carefully drafted to avoid or win litigation based on an asserted “expectation of privacy.” How much to monitor or access is a cultural and resource-driven decision that needs to be made by each organization.

The Pietrylo and Stengart cases are important pieces in the puzzle, but are more revealing as case studies in failure to use best practices than as some sort of Magna Carta of employee online privacy.

In Pietrylo, a bartender at Houston’s Restaurant in Hackensack, New Jersey created a password-protected, invitation-only discussion forum on MySpace for employees to kvetch about the restaurant, company practices, the customers and anything else on their minds. The content of the postings was frequently derogatory and racy. However, the discussion group was created and maintained on the employees’ personal time and without using the employer’s computers or Internet access. A group member light-heartedly showed the discussion group page to a restaurant manager (not so bright move there), only to be asked the following week to provide her sign-in information to another manager. The second manager accessed the MySpace discussion group and was not amused. Pietrylo and a fellow server were told to take a hike.

The two employees then brought suit against Houston’s owners for wrongful termination, invasion of privacy and violations of the federal Electronic Stored Communications Act and New Jersey’s Wiretapping and Electronic Surveillance Control Act, among other things. The case was tried in the federal district court for the District of New Jersey. On June 16, the jury returned a verdict which found liability under the federal and state statutes, but rejected all of the plaintiffs’ other claims, including their claim for invasion of privacy (notably, the jury decided that the plaintiffs had no reasonable expectation of privacy in the online communications).

The result hinged, rather, on what was perceived to be unauthorized accessing by the employer of an invitation-only discussion group, access made possible as the result of a coercive request to turn over the sign-in information. Finding such behavior malicious, the jury concluded that the employer had unlawfully invaded protected electronic communications and awarded the plaintiffs $17,000 in back pay and punitive damages.

A limited victory for Pietrylo, to be sure. However, if the employer had not been so ham-handed, the result would probably have been different. For example, instead of accessing the discussion group directly, the restaurant manager could have asked a member to provide printouts or screenshots. Or it could have documented the hand-over of the sign-in information so as to dispel any suggestion of coercion. The case does NOT stand for the proposition that employees cannot be fired for criticizing their employer on their own time. (With that said, employers should still implement Internet posting policies specifically stating that employees have no expectation of privacy in commentary they post on blogs and social networking sites.)